The exploit still exists whether you are on Heroku, shared or bare metal hosting environment. It's not an issue specific to Heroku, it's an issue that affects ruby gems. Your situation would be worse if you convinced the big wigs to switch to Ruby today.